Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9888072a by security tracker role at 2019-03-13T20:10:27Z
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2019-9750 (In IoTivity through 1.3.1, the CoAP server interface can be 
used for ...)
+       TODO: check
+CVE-2019-9749 (An issue was discovered in the MQTT input plugin in Fluent Bit 
through ...)
+       TODO: check
+CVE-2019-9748 (In tinysvcmdns through 2018-01-16, an mDNS server processing a 
crafted ...)
+       TODO: check
+CVE-2019-9747 (In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS 
...)
+       TODO: check
+CVE-2019-9746 (In libwebm before 2019-03-08, a NULL pointer dereference caused 
by the ...)
+       TODO: check
+CVE-2019-9745
+       RESERVED
+CVE-2019-9744
+       RESERVED
+CVE-2019-9743
+       RESERVED
+CVE-2019-9742 (gdwfpcd.sys in G Data Total Security before 2019-02-22 allows 
an ...)
+       TODO: check
 CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF 
injection is ...)
        TODO: check
 CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 
and ...)
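Review bot: CVE-2019-9742 in this hunk looks like a NOT-FOR-US candidate rather than an open `TODO: check`: the description names gdwfpcd.sys in G Data Total Security, a driver belonging to a proprietary product, so it can be closed out in the next manual pass. The other new `TODO: check` entries (IoTivity, Fluent Bit, tinysvcmdns, libwebm) need a package lookup before they get either a package line or NOT-FOR-US.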
@@ -311,7 +329,7 @@ CVE-2019-9629
        RESERVED
 CVE-2019-9628 [XML parser class fails to trap exceptions on malformed XML 
declaration]
        RESERVED
-       {DSA-4407-1}
+       {DSA-4407-1 DLA-1710-1}
        - xmltooling <unfixed> (bug #924346)
        NOTE: https://shibboleth.net/community/advisories/secadv_20190311.txt
        NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-143
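Review bot: CVE-2019-9628 now references both DSA-4407-1 and DLA-1710-1, but the context line `- xmltooling <unfixed> (bug #924346)` still marks unstable as open, and the entry is still RESERVED with only the bracketed description. Follow up by replacing `<unfixed>` with the fixed version once the upload closing #924346 lands.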
@@ -4807,6 +4825,7 @@ CVE-2019-7640
 CVE-2019-7639 (An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 
29. If ...)
        NOT-FOR-US: gsi-openssh-server (OpenSSH patched with 
openssh-7.9p1-gsissh.patch)
 CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
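Review bot: the `[stretch] - libsdl1.2 <no-dsa> (Minor issue)` triage directly under the new `{DLA-1714-1 DLA-1713-1}` line is worth revisiting, since the CVE is now covered by LTS advisories while stretch stays deferred and both `libsdl1.2` and `libsdl2` remain `<unfixed>` in unstable. The same pattern repeats for every SDL entry this commit touches (CVE-2019-7572 through CVE-2019-7578 and CVE-2019-7635 through CVE-2019-7638), so one decision covers them all.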
@@ -4815,6 +4834,7 @@ CVE-2019-7638 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
        NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
 CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -4822,6 +4842,7 @@ CVE-2019-7637 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4497
        NOTE: Proposed patch: 
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3630
 CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -4830,6 +4851,7 @@ CVE-2019-7636 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: https://hg.libsdl.org/SDL/rev/19d8c3b9c251 (SDL-1.2)
        NOTE: https://hg.libsdl.org/SDL/rev/07c39cbbeacf
 CVE-2019-7635 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -4959,6 +4981,7 @@ CVE-2019-7580 (ThinkCMF 5.0.190111 allows remote 
attackers to execute arbitrary
 CVE-2019-7579
        RESERVED
 CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -4966,6 +4989,7 @@ CVE-2019-7578 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4494
        NOTE: Proposed patch: 
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3623
 CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -4974,6 +4998,7 @@ CVE-2019-7577 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: Proposed patch: 
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3608
        NOTE: Proposed patch: 
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3694
 CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -4982,6 +5007,7 @@ CVE-2019-7576 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: Proposed patch: 
https://bugzilla.libsdl.org/attachment.cgi?id=3620&action=diff
        NOTE: very similar bug to CVE-2019-7573, fix for CVE-2019-7573 is 
applicable to this
 CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -4989,6 +5015,7 @@ CVE-2019-7575 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4493
        NOTE: Proposed patch: 
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3609
 CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -4996,6 +5023,7 @@ CVE-2019-7574 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4496
        NOTE: Proposed patch: 
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3610
 CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -5003,6 +5031,7 @@ CVE-2019-7573 (SDL (Simple DirectMedia Layer) through 
1.2.15 and 2.x through 2.0
        NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=4491
        NOTE: Proposed patch: 
https://bugzilla-attachments.libsdl.org/attachment.cgi?id=3620
 CVE-2019-7572 (SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 
2.0.9 has ...)
+       {DLA-1714-1 DLA-1713-1}
        - libsdl1.2 <unfixed>
        [stretch] - libsdl1.2 <no-dsa> (Minor issue)
        - libsdl2 <unfixed>
@@ -13607,6 +13636,7 @@ CVE-2019-3833
        - openwsman <itp> (bug #754501)
 CVE-2019-3832 [incomplete fix for CVE-2018-19758]
        RESERVED
+       {DLA-1712-1}
        - libsndfile 1.0.28-6 (bug #922372)
        [stretch] - libsndfile <not-affected> (Incomplete fix for 
CVE-2018-19758 not applied)
        NOTE: 
https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436
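Review bot: the new `{DLA-1712-1}` on CVE-2019-3832 sits next to `[stretch] - libsndfile <not-affected> (Incomplete fix for CVE-2018-19758 not applied)`, so the entry references an advisory for a suite whose status is not shown in the entry itself. A NOTE or suite-tagged line stating whether the older suite carried the incomplete CVE-2018-19758 fix would make the cross-reference self-explanatory.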
@@ -13684,6 +13714,7 @@ CVE-2019-3816
        RESERVED
        - openwsman <itp> (bug #754501)
 CVE-2019-3815 (A memory leak was discovered in the backport of fixes for ...)
+       {DLA-1711-1}
        - systemd <not-affected> (This only affected backports to older suites, 
not the version in sid)
        [stretch] - systemd 232-25+deb9u8
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1666690
@@ -29002,8 +29033,8 @@ CVE-2018-17939 (An issue was discovered in GitLab 
Community and Enterprise Editi
        NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/51956
 CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content 
spoofing via ...)
        NOT-FOR-US: Zimbra
-CVE-2018-17937
-       RESERVED
+CVE-2018-17937 (gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, 
an open ...)
+       TODO: check
 CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the 
upload ...)
        NOT-FOR-US: NUUO CMS
 CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before 
00.0A use ...)
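Review bot: the `TODO: check` added for CVE-2018-17937 should be resolved into a package line rather than NOT-FOR-US, because the description names gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3. This one needs an actual version comparison against the archive for each suite before the status is set.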
@@ -40477,7 +40508,7 @@ CVE-2018-13421 (Fast C++ CSV Parser (aka 
fast-cpp-csv-parser) before 2018-07-06
 CVE-2018-13420 (** DISPUTED ** Google gperftools 2.7 has a memory leak in ...)
        - google-perftools <unfixed> (unimportant; bug #903248)
        NOTE: https://github.com/gperftools/gperftools/issues/1013
-CVE-2018-13419 (An issue has been found in libsndfile 1.0.28. There is a 
memory leak in ...)
+CVE-2018-13419 (** DISPUTED ** An issue has been found in libsndfile 1.0.28. 
There is ...)
        NOTE: Misreport, not reprodiucible by upstream and no test file was 
provided
        NOTE: https://github.com/erikd/libsndfile/issues/398
 CVE-2018-13418 (System command injection in ajaxdata.php in TerraMaster TOS 
3.1.03 ...)
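Review bot: CVE-2018-13419 has no package status line, only the two NOTE lines, even though the description now carries ** DISPUTED ** and the first NOTE calls it a misreport. The neighbouring CVE-2018-13420 shows the convention used for a disputed issue (`- google-perftools <unfixed> (unimportant; bug #903248)`); a matching libsndfile line would record the triage decision. The context NOTE also misspells "reproducible" as "reprodiucible".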
@@ -179212,8 +179243,8 @@ CVE-2015-2256
        RESERVED
 CVE-2015-2255 (Huawei AR1220 routers with software before V200R005SPH006 allow 
remote ...)
        NOT-FOR-US: Huawei
-CVE-2015-2254
-       RESERVED
+CVE-2015-2254 (Huawei OceanStor UDS devices with software before 
V100R002C01SPC102 ...)
+       TODO: check
 CVE-2015-2253 (The XML interface in Huawei OceanStor UDS devices with software 
...)
        NOT-FOR-US: Huawei
 CVE-2015-2252 (Huawei OceanStor UDS devices with software before 
V100R002C01SPC102 ...)
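Review bot: the `TODO: check` added for CVE-2015-2254 can be marked `NOT-FOR-US: Huawei` straight away: the description names Huawei OceanStor UDS devices, and the adjacent CVE-2015-2253 and CVE-2015-2255 context lines already carry that status. CVE-2015-2252 at the end of the hunk names the same product, so check that its status matches as well.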



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9888072a1c4faaba2d8e06f74a418473a034eb66
